After $50 Million Breach, KyberSwap Faces Hacker’s Shocking Demands

The individual claiming responsibility for the hack on KyberSwap, a multi-chain decentralized exchange (DEX) aggregator, has issued a set of astonishing demands.
The hacker, self-identified as “Kyber Director,” communicated through a transaction on the Ethereum blockchain, demanding complete executive control over Kyber, the company, and full authority over its governance mechanism, KyberDAO.

A hacker’s unprecedented ultimatum

The demands outlined by the hacker are unparalleled in the history of cryptocurrency breaches. They include a surrender of all company assets, both on-chain and off-chain, encompassing shares, equity, tokens, partnerships, and intellectual property. In return, the hacker proposes a comprehensive restructuring of Kyber, promising to transform it from the seventh most popular DEX into a new cryptographic project.
Notably, the hacker has offered to buy out executives at a fair valuation, double the salaries of remaining employees, and provide a 12-month severance package for those who choose to leave. Token holders and investors are assured their tokens will retain value, and liquidity providers (LPs) are offered a 50% rebate on recent losses. The hacker has set a deadline of Dec. 10 for these demands to be met. Otherwise, the proposal will be withdrawn.

A $47 million attack

On November 23, 2023, KyberSwap fell victim to a smart contract reentrancy attack that led to a staggering loss of approximately $47 million across multiple networks, including Arbitrum, Optimism, Kyber Mainnet, and Polygon.
The attack’s epicenter was a wallet address that played a central role in receiving and redistributing the stolen funds.
This breach resulted in a 90% plunge in KyberSwap’s total value locked (TVL), from $85 million to a mere $8.28 million.
The primary flaw was identified in the mint function of KyberSwap’s new v2 reinvestment token (KS2-RT), which contained a loophole for reentrancy attacks.
In response, Kyber Network urged users to withdraw their funds as a precaution and has since been working to address the security lapse and mitigate future risks.